I was looking at this and ecryptfs seems cool. I'd like to use it on my server to encrypt git pushes. I don't want to ssh in every time to mount/unmount the encrypted folder. However, once in a while when I reboot or whatever, it is fine.

I like the idea that someone at my provider can't see my folder when scanning through a bunch of hard drives, but is it relatively safe that the folder is always mounted? I don't think the password would be in memory plaintext? Nor can someone connect to my server due to it being on the network and be able to access files? (The enc/prv folder would be 700.)

Do I really have anything to worry about if I leave it mounted all the time? My server is Debian 6 (squeeze), if that's interesting.

1 Answer

Leaving an encrypted filesystem mounted increases the attack surface, i.e., there are a few more places where an attacker can exploit a vulnerability and get access to your files.

If the attacker can run code as your user, she can access your files. If the encrypted filesystem wasn't mounted, she wouldn't have direct access to your files, but there's a good chance she'd be able to inject some kind of trojan (e.g. a keylogger) and obtain your passphrase eventually.

If the attacker can read the memory of your processes, she gets the secret key, which she can use to decrypt an offline copy of the files if she has one (e.g. from a stolen backup). Your password doesn't remain in memory (hopefully, I haven't checked the code), but the secret key has to. If the filesystem wasn't mounted, she wouldn't get anything. But if she could read the memory of the mount process when it's mounting the filesystem, she would get the secret key then.

If the attacker can read files with your user's permissions, she gets the plaintext. If the filesystem was not mounted, she would only get the ciphertext and the passphrase-encrypted secret key (which she could try to brute force with a password cracker).

Overall the increase in the attack surface is slight. Encfs can automatically unmount the filesystem after a period of inactivity (encfs -i MINUTES) (where activity means open files). It's a good idea to use this if there's a risk that the computer will be physically stolen (mostly relevant for laptops). Otherwise there is only a small gain, because most attack vectors let the attacker do worse things anyway.
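
An added example, not part of the original answer: a shell function that lists the eCryptfs and EncFS filesystems currently mounted (and so exposing plaintext) and flags any mount point whose mode grants group or other access, which is the 700 assumption from the question. The function name and the OK/EXPOSED/UNKNOWN labels are made up for this example, and it assumes GNU `stat`, as on Debian.

```shell
#!/bin/sh
# Added example (not from the original post): report mounted eCryptfs/EncFS
# filesystems and flag mount points accessible to anyone but the owner.
# Usage: source this file, then run: audit_encrypted_mounts [MOUNTS_FILE]

audit_encrypted_mounts() {
    mounts_file="${1:-/proc/mounts}"   # alternate file allowed for testing
    status=0
    # Fields in /proc/mounts: device mountpoint fstype options dump pass
    while read -r _dev mnt fstype _rest; do
        case "$fstype" in
            ecryptfs|fuse.encfs) ;;    # encrypted-overlay types of interest
            *) continue ;;
        esac
        # The kernel escapes spaces in paths as \040; %b decodes them.
        mnt=$(printf '%b' "$mnt")
        if ! mode=$(stat -c '%a' "$mnt" 2>/dev/null); then
            echo "UNKNOWN $fstype $mnt (cannot stat)"
            status=1
            continue
        fi
        # Octal mode ending in 00 means no group/other permission bits.
        case "$mode" in
            *00|0) echo "OK $fstype $mnt mode=$mode" ;;
            *)     echo "EXPOSED $fstype $mnt mode=$mode"; status=1 ;;
        esac
    done < "$mounts_file"
    return "$status"
}
```

The function returns non-zero when any encrypted mount is group- or world-accessible, so it can be run from cron or a monitoring check on a server where the filesystem stays mounted.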